 /*******************************************************************************
  * Copyright (c) 2006 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
  * http://www.eclipse.org/legal/epl-v10.html
  *
  * Contributors:
  * IBM Corporation - initial API and implementation
  *******************************************************************************/
 package org.eclipse.osgi.internal.verifier;

 import java.security.cert.Certificate ;
 import java.security.cert.CertificateException ;
 import org.eclipse.osgi.internal.provisional.verifier.CertificateTrustAuthority;
 import org.eclipse.osgi.util.NLS;

 public class DefaultTrustAuthority implements CertificateTrustAuthority {
     // the KeyStores that we determine trust from. This only gets intialized the
 // supportFlags include the VERIFY_TRUST flag
 private KeyStores keyStores;
     // used to indicate if we should check the KeyStores object for trust.
 private int supportFlags;
     public DefaultTrustAuthority(int supportFlags) {
         this.supportFlags = supportFlags;
     }
     public void checkTrust(Certificate [] certChain) throws CertificateException {
         if (certChain == null || certChain.length == 0) {
             throw new IllegalArgumentException (JarVerifierMessages.Cert_Verifier_Illegal_Args);
         }
         KeyStores stores = getKeyStores();
         // stores == null when the supportFlags includes the VERIFY_TRUST flag
 if (stores != null && !stores.isTrusted(certChain[certChain.length - 1])) {
             throw new CertificateException (NLS.bind(JarVerifierMessages.Cert_Verifier_Not_Trusted, new String [] {certChain[0].toString()}));
         }
     }

     private synchronized KeyStores getKeyStores() {
         if (((supportFlags & SignedBundleHook.VERIFY_TRUST) == 0) || keyStores != null)
             return keyStores;
         keyStores = new KeyStores();
         return keyStores;
     }
     public void addTrusted(Certificate [] certs) throws CertificateException {
         // do nothing for now ...
 }

 }

